Consumer Confusion over FCC’s Arbitrary Privacy Policymaking

What’s a consumer to think about what the FCC’s responsibility is for their privacy protection?

Let me try to explain to a consumer what the Federal Communications Commission (FCC) arbitrarily has done, and apparently intends to do, for consumer internet privacy protection going forward.

By way of background, for the first decade of the Internet when consumers used dial-up technology, the FCC was responsible for protecting consumers’ private network information from commercial use without their permission.

For the second decade of the Internet when consumers came to use broadband technology, the FCC ceded its dial-up-Internet privacy protection authority to the Federal Trade Commission (FTC) which became responsible for consumer privacy protection from unfair and deceptive practices consistently across the entire American Internet ecosystem, regardless of who interacted with consumers’ private information.

Last spring, in order to assert legal authority to enforce net neutrality to protect edge providers from potential traffic discrimination in the FCC’s Open Internet Order, the FCC incidentally clawed back some privacy authority over Internet communications -- over the FTC’s strong objections.

To do so, the FCC had to re-imagine and declare that the broadband Internet was the same as the Public Switched Telephone Network for legal purposes, despite one being a predictable, closed-circuit, switched, network and the other being an unpredictable, open packet-switched, routed Internetwork.

At the last minute, and over the best judgment of the FCC’s legal team, the FCC ceded to a petition from Google, which wanted the FCC to legally split the Internet effectively into different two halves, upstream communications traffic and downstream communications traffic, where the FCC would be responsible for utility regulation of the upstream communications traffic half of Internet service coming from the consumer to “edge providers” (Google, Facebook, Amazon, etc.), while the FTC apparently would be responsible for the downstream communications traffic half coming from the edge providers to the consumer.

So consumers may need to remember that when they send something to someone on the Internet, their ISP Customer Proprietary Network Information (CPNI), which “means information that relates to the quantity, technical configuration, type, destination, and amount of use of” telecommunications, may need to be kept private by their ISP in the future.

At the same time they also need to remember that the edge companies that receive that same upstream traffic which is naturally and inherently filled with CPNI in every communication, have no responsibility from the FCC, or the FTC, to protect the privacy of that CPNI private information.

Thus a helpful rule-of-thumb for consumers to remember about how the FCC’s new privacy policy will likely work, is this – whatever is the opposite of common sense.

On one hand the companies that consumers directly pay for their telephone, cellular, Internet access or cable service, whose economic interests are directly aligned with their paying customers, have FCC strict consumer privacy protection responsibilities, like they long have.

However, on the other hand, edge companies -- who are not paid by the consumer, and who collect, track and mine as much private consumer information without their permission as digitally possible to fund their advertising businesses, and who are not economically-aligned with consumers’ interests because the consumer is not their customer, but the product they sell to advertisers – will likely have absolutely no FCC or FTC responsibility to protect the privacy of consumers’ CPNI.

In addition to having an arbitrary and nonsensical ISP privacy policy, the FCC has signaled that in its upcoming AllVid proceeding, it plans to be consistently arbitrary and nonsensical in also having an arbitrary and nonsensical cable privacy policy for sellers of cable set-top boxes, where on one hand it will protect consumers’ video viewing privacy if the consumer gets their cable set-top-box from a regulated cable service or DBS service provider, but not if a consumer buys a similar video-viewing cable set-top-box from Google or another edge provider.

In sum, how is an American consumer to make sense of the FCC’s privacy policy now and going forward?

They aren’t.

A consumer can discern from the apparent arbitrariness of the FCC’s actions to date that this FCC’s first purpose is not consumer protection, its first purposes are protecting the FCC’s relevance and picking edge business interests as winners over ISP, wireless, cable and DBS provider business interests.

As the old adage goes, watch what they do, not what they say.

***

Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, a research consultancy for Fortune 500 companies, and Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests.